<!DOCTYPE html>
<html lang="en">

<head>
  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
  <meta http-equiv="Content-Language" content="en-us">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <title>Snyk test report</title>
  <meta name="description" content="71 known vulnerabilities found in 244 vulnerable dependency paths.">
  <base target="_blank">
  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
    sizes="194x194">
  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
  <style type="text/css">
  
    body {
      -moz-font-feature-settings: "pnum";
      -webkit-font-feature-settings: "pnum";
      font-variant-numeric: proportional-nums;
      display: flex;
      flex-direction: column;
      font-feature-settings: "pnum";
      font-size: 100%;
      line-height: 1.5;
      min-height: 100vh;
      -webkit-text-size-adjust: 100%;
      margin: 0;
      padding: 0;
      background-color: #F5F5F5;
      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
    }
  
    h1,
    h2,
    h3,
    h4,
    h5,
    h6 {
      font-weight: 500;
    }
  
    a,
    a:link,
    a:visited {
      border-bottom: 1px solid #4b45a9;
      text-decoration: none;
      color: #4b45a9;
    }
  
    a:hover,
    a:focus,
    a:active {
      border-bottom: 1px solid #4b45a9;
    }
  
    hr {
      border: none;
      margin: 1em 0;
      border-top: 1px solid #c5c5c5;
    }
  
    ul {
      padding: 0 1em;
      margin: 1em 0;
    }
  
    code {
      background-color: #EEE;
      color: #333;
      padding: 0.25em 0.5em;
      border-radius: 0.25em;
    }
  
    pre {
      background-color: #333;
      font-family: monospace;
      padding: 0.5em 1em 0.75em;
      border-radius: 0.25em;
      font-size: 14px;
    }
  
    pre code {
      padding: 0;
      background-color: transparent;
      color: #fff;
    }
  
    a code {
      border-radius: .125rem .125rem 0 0;
      padding-bottom: 0;
      color: #4b45a9;
    }
  
    a[href^="http://"]:after,
    a[href^="https://"]:after {
      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
      background-repeat: no-repeat;
      background-size: .75rem;
      content: "";
      display: inline-block;
      height: .75rem;
      margin-left: .25rem;
      width: .75rem;
    }
  
  
  /* Layout */
  
    [class*=layout-container] {
      margin: 0 auto;
      max-width: 71.25em;
      padding: 1.9em 1.3em;
      position: relative;
    }
    .layout-container--short {
      padding-top: 0;
      padding-bottom: 0;
      max-width: 48.75em;
    }
  
    .layout-container--short:after {
      display: block;
      content: "";
      clear: both;
    }
  
  /* Header */
  
    .header {
      padding-bottom: 1px;
    }
  
    .paths {
      margin-left: 8px;
    }
    .header-wrap {
      display: flex;
      flex-direction: row;
      justify-content: space-between;
      padding-top: 2em;
    }
    .project__header {
      background-color: #4b45a9;
      color: #fff;
      margin-bottom: -1px;
      padding-top: 1em;
      padding-bottom: 0.25em;
      border-bottom: 2px solid #BBB;
    }
  
    .project__header__title {
      overflow-wrap: break-word;
      word-wrap: break-word;
      word-break: break-all;
      margin-bottom: .1em;
      margin-top: 0;
    }
  
    .timestamp {
      float: right;
      clear: none;
      margin-bottom: 0;
    }
  
    .meta-counts {
      clear: both;
      display: block;
      flex-wrap: wrap;
      justify-content: space-between;
      margin: 0 0 1.5em;
      color: #fff;
      clear: both;
      font-size: 1.1em;
    }
  
    .meta-count {
      display: block;
      flex-basis: 100%;
      margin: 0 1em 1em 0;
      float: left;
      padding-right: 1em;
      border-right: 2px solid #fff;
    }
  
    .meta-count:last-child {
      border-right: 0;
      padding-right: 0;
      margin-right: 0;
    }
  
  /* Card */
  
    .card {
      background-color: #fff;
      border: 1px solid #c5c5c5;
      border-radius: .25rem;
      margin: 0 0 2em 0;
      position: relative;
      min-height: 40px;
      padding: 1.5em;
    }
  
    .card .label {
      background-color: #767676;
      border: 2px solid #767676;
      color: white;
      padding: 0.25rem 0.75rem;
      font-size: 0.875rem;
      text-transform: uppercase;
      display: inline-block;
      margin: 0;
      border-radius: 0.25rem;
    }
  
    .card .label__text {
      vertical-align: text-top;
        font-weight: bold;
    }
  
    .card .label--critical {
      background-color: #AB1A1A;
      border-color: #AB1A1A;
    }
  
    .card .label--high {
      background-color: #CE5019;
      border-color: #CE5019;
    }
  
    .card .label--medium {
      background-color: #D68000;
      border-color: #D68000;
    }
  
    .card .label--low {
      background-color: #88879E;
      border-color: #88879E;
    }
  
    .severity--low {
      border-color: #88879E;
    }
  
    .severity--medium {
      border-color: #D68000;
    }
  
    .severity--high {
      border-color: #CE5019;
    }
  
    .severity--critical {
      border-color: #AB1A1A;
    }
  
    .card--vuln {
      padding-top: 4em;
    }
  
    .card--vuln .label {
      left: 0;
      position: absolute;
      top: 1.1em;
      padding-left: 1.9em;
      padding-right: 1.9em;
      border-radius: 0 0.25rem 0.25rem 0;
    }
  
    .card--vuln .card__section h2 {
      font-size: 22px;
      margin-bottom: 0.5em;
    }
  
    .card--vuln .card__section p {
      margin: 0 0 0.5em 0;
    }
  
    .card--vuln .card__meta {
      padding: 0 0 0 1em;
      margin: 0;
      font-size: 1.1em;
    }
  
    .card .card__meta__paths {
      font-size: 0.9em;
    }
  
    .card--vuln .card__title {
      font-size: 28px;
      margin-top: 0;
    }
  
    .card--vuln .card__cta p {
      margin: 0;
      text-align: right;
    }
  
    .source-panel {
      clear: both;
      display: flex;
      justify-content: flex-start;
      flex-direction: column;
      align-items: flex-start;
      padding: 0.5em 0;
      width: fit-content;
    }
  
  
  
  </style>
  <style type="text/css">
    .metatable {
      text-size-adjust: 100%;
      -webkit-font-smoothing: antialiased;
      -webkit-box-direction: normal;
      color: inherit;
      font-feature-settings: "pnum";
      box-sizing: border-box;
      background: transparent;
      border: 0;
      font: inherit;
      font-size: 100%;
      margin: 0;
      outline: none;
      padding: 0;
      text-align: left;
      text-decoration: none;
      vertical-align: baseline;
      z-index: auto;
      margin-top: 12px;
      border-collapse: collapse;
      border-spacing: 0;
      font-variant-numeric: tabular-nums;
      max-width: 51.75em;
    }
  
    tbody {
      text-size-adjust: 100%;
      -webkit-font-smoothing: antialiased;
      -webkit-box-direction: normal;
      color: inherit;
      font-feature-settings: "pnum";
      border-collapse: collapse;
      border-spacing: 0;
      box-sizing: border-box;
      background: transparent;
      border: 0;
      font: inherit;
      font-size: 100%;
      margin: 0;
      outline: none;
      padding: 0;
      text-align: left;
      text-decoration: none;
      vertical-align: baseline;
      z-index: auto;
      display: flex;
      flex-wrap: wrap;
    }
  
    .meta-row {
      text-size-adjust: 100%;
      -webkit-font-smoothing: antialiased;
      -webkit-box-direction: normal;
      color: inherit;
      font-feature-settings: "pnum";
      border-collapse: collapse;
      border-spacing: 0;
      box-sizing: border-box;
      background: transparent;
      border: 0;
      font: inherit;
      font-size: 100%;
      outline: none;
      text-align: left;
      text-decoration: none;
      vertical-align: baseline;
      z-index: auto;
      display: flex;
      align-items: start;
      border-top: 1px solid #d3d3d9;
      padding: 8px 0 0 0;
      border-bottom: none;
      margin: 8px;
      width: 47.75%;
    }
  
    .meta-row-label {
      text-size-adjust: 100%;
      -webkit-font-smoothing: antialiased;
      -webkit-box-direction: normal;
      font-feature-settings: "pnum";
      border-collapse: collapse;
      border-spacing: 0;
      color: #4c4a73;
      box-sizing: border-box;
      background: transparent;
      border: 0;
      font: inherit;
      margin: 0;
      outline: none;
      text-decoration: none;
      z-index: auto;
      align-self: start;
      flex: 1;
      font-size: 1rem;
      line-height: 1.5rem;
      padding: 0;
      text-align: left;
      vertical-align: top;
      text-transform: none;
      letter-spacing: 0;
    }
  
    .meta-row-value {
      text-size-adjust: 100%;
      -webkit-font-smoothing: antialiased;
      -webkit-box-direction: normal;
      color: inherit;
      font-feature-settings: "pnum";
      border-collapse: collapse;
      border-spacing: 0;
      word-break: break-word;
      box-sizing: border-box;
      background: transparent;
      border: 0;
      font: inherit;
      font-size: 100%;
      margin: 0;
      outline: none;
      padding: 0;
      text-align: right;
      text-decoration: none;
      vertical-align: baseline;
      z-index: auto;
    }
  </style>
</head>

<body class="section-projects">
  <main class="layout-stacked">
        <div class="layout-stacked__header header">
          <header class="project__header">
            <div class="layout-container">
              <a class="brand" href="https://snyk.io" title="Snyk">
                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
                  <title>Snyk - Open Source Security</title>
                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
                    <g fill="#fff">
                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
                    </g>
                  </g>
                </svg>
              </a>
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
                <p class="timestamp">November 13th 2022, 12:22:50 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
                <ul>
                  <li class="paths">quay.io/argoproj/argocd-applicationset:v0.4.1/argoproj/argocd-applicationset (deb)</li>
                </ul>
              </div>
    
              <div class="meta-counts">
                <div class="meta-count"><span>71</span> <span>known vulnerabilities</span></div>
                <div class="meta-count"><span>244 vulnerable dependency paths</span></div>
                <div class="meta-count"><span>161</span> <span>dependencies</span></div>
              </div><!-- .meta-counts -->
            </div><!-- .layout-container--short -->
          </header><!-- .project__header -->
        </div><!-- .layout-stacked__header -->
      <section class="layout-container">
          <table class="metatable">
              <tbody>
              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|quay.io/argoproj/argocd-applicationset</td></tr>
              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">quay.io/argoproj/argocd-applicationset:v0.4.1/argoproj/argocd-applicationset</td></tr>
              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">deb</td></tr>
              <tr class="meta-row"><th class="meta-row-label">Manifest</th> <td class="meta-row-value">Dockerfile</td></tr>
              </tbody>
          </table>
      </section>
    <div class="layout-container" style="padding-top: 35px;">
      <div class="cards--vuln filter--patch filter--ignore">
        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
            <h2 class="card__title">Loop with Unreachable Exit Condition (&#x27;Infinite Loop&#x27;)</h2>
            <div class="card__section">
        
                <div class="label label--high">
                    <span class="label__text">high severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            openssl/libssl1.1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and openssl/libssl1.1@1.1.1l-1ubuntu1.1
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libfido2/libfido2-1@1.6.0-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssh/openssh-client@1:8.4p1-6ubuntu2.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ca-certificates@20210119ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl@1.1.1l-1ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        libssh/libssh-4@0.9.6-1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.118ubuntu5
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.8.1-1ubuntu9
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.3.1-5ubuntu11
                                         <span class="list-paths__item__arrow">›</span> 
                                        libnsl/libnsl2@1.3.0-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libtirpc/libtirpc3@1.3.2-2
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libkrb5-3@1.18.3-6
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ca-certificates@20210119ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>openssl</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>openssl</code> to version 1.1.1l-1ubuntu1.2 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-0778">ADVISORY</a></li>
        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83">CONFIRM</a></li>
        <li><a href="https://www.openssl.org/news/secadv/20220315.txt">CONFIRM</a></li>
        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246">CONFIRM</a></li>
        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5103">DEBIAN</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html">MLIST</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html">MLIST</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220321-0002/">CONFIRM</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/">FEDORA</a></li>
        <li><a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002">CONFIRM</a></li>
        <li><a href="https://www.tenable.com/security/tns-2022-06">CONFIRM</a></li>
        <li><a href="https://www.tenable.com/security/tns-2022-07">CONFIRM</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/">FEDORA</a></li>
        <li><a href="https://www.tenable.com/security/tns-2022-08">CONFIRM</a></li>
        <li><a href="https://www.oracle.com/security-alerts/cpuapr2022.html">MISC</a></li>
        <li><a href="https://www.tenable.com/security/tns-2022-09">CONFIRM</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220429-0005/">CONFIRM</a></li>
        <li><a href="https://support.apple.com/kb/HT213256">CONFIRM</a></li>
        <li><a href="https://support.apple.com/kb/HT213255">CONFIRM</a></li>
        <li><a href="https://support.apple.com/kb/HT213257">CONFIRM</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/May/38">FULLDISC</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/May/35">FULLDISC</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/May/33">FULLDISC</a></li>
        <li><a href="http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html">MISC</a></li>
        <li><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf">CONFIRM</a></li>
        <li><a href="https://www.oracle.com/security-alerts/cpujul2022.html">N/A</a></li>
        <li><a href="https://security.gentoo.org/glsa/202210-02">GENTOO</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-OPENSSL-2426351">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
            <h2 class="card__title">Exposure of Resource to Wrong Sphere</h2>
            <div class="card__section">
        
                <div class="label label--high">
                    <span class="label__text">high severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            expat/libexpat1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        expat/libexpat1@2.4.1-2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>expat</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>expat</code> to version 2.4.1-2ubuntu0.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-25236">ADVISORY</a></li>
        <li><a href="https://github.com/libexpat/libexpat/pull/561">MISC</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2022/02/19/1">MLIST</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5085">DEBIAN</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/">FEDORA</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220303-0008/">CONFIRM</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html">MLIST</a></li>
        <li><a href="https://www.oracle.com/security-alerts/cpuapr2022.html">MISC</a></li>
        <li><a href="http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html">MISC</a></li>
        <li><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf">CONFIRM</a></li>
        <li><a href="https://security.gentoo.org/glsa/202209-24">GENTOO</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-EXPAT-2403824">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
            <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
            <div class="card__section">
        
                <div class="label label--high">
                    <span class="label__text">high severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            expat/libexpat1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        expat/libexpat1@2.4.1-2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>expat</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>expat</code> to version 2.4.1-2ubuntu0.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-25235">ADVISORY</a></li>
        <li><a href="https://github.com/libexpat/libexpat/pull/562">MISC</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2022/02/19/1">MLIST</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5085">DEBIAN</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/">FEDORA</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220303-0008/">CONFIRM</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html">MLIST</a></li>
        <li><a href="https://www.oracle.com/security-alerts/cpuapr2022.html">MISC</a></li>
        <li><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf">CONFIRM</a></li>
        <li><a href="https://security.gentoo.org/glsa/202209-24">GENTOO</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-EXPAT-2404024">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
            <h2 class="card__title">SQL Injection</h2>
            <div class="card__section">
        
                <div class="label label--high">
                    <span class="label__text">high severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            cyrus-sasl2/libsasl2-modules
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1build1
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1build1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        openldap/libldap-2.5-0@2.5.6+dfsg-1~exp1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        cyrus-sasl2/libsasl2-2@2.1.27+dfsg-2.1build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        cyrus-sasl2/libsasl2-modules-db@2.1.27+dfsg-2.1build1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        openldap/libldap-2.5-0@2.5.6+dfsg-1~exp1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        cyrus-sasl2/libsasl2-2@2.1.27+dfsg-2.1build1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>cyrus-sasl2</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>cyrus-sasl2</code> to version 2.1.27+dfsg-2.1ubuntu0.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-24407">ADVISORY</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2022/02/23/4">MLIST</a></li>
        <li><a href="https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst">CONFIRM</a></li>
        <li><a href="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">MISC</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5087">DEBIAN</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00002.html">MLIST</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZC6BMPI3V3MC2IGNLN377ETUWO7QBIH/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FIXU75Q6RBNK6UYM7MQ3TCFGXR7AX4U/">FEDORA</a></li>
        <li><a href="https://www.oracle.com/security-alerts/cpujul2022.html">N/A</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20221007-0003/">CONFIRM</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-CYRUSSASL2-2408943">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Out-of-bounds Write</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            zlib/zlib1g
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, meta-common-packages@meta and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        meta-common-packages@meta
                                         <span class="list-paths__item__arrow">›</span> 
                                        zlib/zlib1g@1:1.2.11.dfsg-2ubuntu7
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>zlib</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>zlib</code> to version 1:1.2.11.dfsg-2ubuntu7.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-25032">ADVISORY</a></li>
        <li><a href="https://www.openwall.com/lists/oss-security/2022/03/24/1">MISC</a></li>
        <li><a href="https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531">MISC</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2022/03/25/2">MLIST</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2022/03/26/1">MLIST</a></li>
        <li><a href="https://www.openwall.com/lists/oss-security/2022/03/28/1">MISC</a></li>
        <li><a href="https://github.com/madler/zlib/compare/v1.2.11...v1.2.12">CONFIRM</a></li>
        <li><a href="https://www.openwall.com/lists/oss-security/2022/03/28/3">MISC</a></li>
        <li><a href="https://github.com/madler/zlib/issues/605">MISC</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5111">DEBIAN</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html">MLIST</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/">FEDORA</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html">MLIST</a></li>
        <li><a href="https://support.apple.com/kb/HT213255">CONFIRM</a></li>
        <li><a href="https://support.apple.com/kb/HT213256">CONFIRM</a></li>
        <li><a href="https://support.apple.com/kb/HT213257">CONFIRM</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/May/33">FULLDISC</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/May/35">FULLDISC</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/May/38">FULLDISC</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220526-0009/">CONFIRM</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/">FEDORA</a></li>
        <li><a href="https://www.oracle.com/security-alerts/cpujul2022.html">N/A</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220729-0004/">CONFIRM</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/">FEDORA</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html">MLIST</a></li>
        <li><a href="https://security.gentoo.org/glsa/202210-42">GENTOO</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-ZLIB-2433596">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Improper Input Validation</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            xz-utils/liblzma5
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, meta-common-packages@meta and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        meta-common-packages@meta
                                         <span class="list-paths__item__arrow">›</span> 
                                        xz-utils/liblzma5@5.2.5-2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>xz-utils</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>An arbitrary file write vulnerability was found in GNU gzip&#39;s zgrep utility. When zgrep is applied on the attacker&#39;s chosen file name (for example, a crafted file name), this can overwrite an attacker&#39;s content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>xz-utils</code> to version 5.2.5-2ubuntu0.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1271">ADVISORY</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2073310">MISC</a></li>
        <li><a href="https://access.redhat.com/security/cve/CVE-2022-1271">MISC</a></li>
        <li><a href="https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html">MISC</a></li>
        <li><a href="https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch">MISC</a></li>
        <li><a href="https://www.openwall.com/lists/oss-security/2022/04/07/8">MISC</a></li>
        <li><a href="https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6">MISC</a></li>
        <li><a href="https://security-tracker.debian.org/tracker/CVE-2022-1271">MISC</a></li>
        <li><a href="https://security.gentoo.org/glsa/202209-01">GENTOO</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220930-0006/">CONFIRM</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-XZUTILS-2442557">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Files or Directories Accessible to External Parties</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            util-linux/libblkid1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and util-linux/libblkid1@2.36.1-8ubuntu2
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libblkid1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs@1.46.3-1ubuntu3
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libblkid1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libmount1@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libblkid1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/mount@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libblkid1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/mount@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libblkid1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libuuid1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs@1.46.3-1ubuntu3
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libuuid1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/mount@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libuuid1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/mount@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libmount1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/mount@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libmount1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/mount@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libmount1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libsmartcols1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/mount@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libsmartcols1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/mount@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libsmartcols1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/mount@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>util-linux</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users&#39; filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>util-linux</code> to version 2.36.1-8ubuntu2.2 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3996">ADVISORY</a></li>
        <li><a href="https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb">MISC</a></li>
        <li><a href="https://access.redhat.com/security/cve/CVE-2021-3996">MISC</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2024628">MISC</a></li>
        <li><a href="https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes">MISC</a></li>
        <li><a href="https://www.openwall.com/lists/oss-security/2022/01/24/2">MISC</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-UTILLINUX-2387725">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Files or Directories Accessible to External Parties</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            util-linux/libblkid1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and util-linux/libblkid1@2.36.1-8ubuntu2
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libblkid1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs@1.46.3-1ubuntu3
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libblkid1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libmount1@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libblkid1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/mount@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libblkid1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/mount@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libblkid1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libuuid1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs@1.46.3-1ubuntu3
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libuuid1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/mount@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libuuid1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/mount@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libmount1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/mount@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libmount1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/mount@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libmount1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libsmartcols1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/mount@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libsmartcols1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/mount@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/libsmartcols1@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/mount@2.36.1-8ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>util-linux</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>util-linux</code> to version 2.36.1-8ubuntu2.2 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3995">ADVISORY</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2024631https://access.redhat.com/security/cve/CVE-2021-3995">MISC</a></li>
        <li><a href="https://github.com/util-linux/util-linux/commit/57202f5713afa2af20ffbb6ab5331481d0396f8d">MISC</a></li>
        <li><a href="https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes">MISC</a></li>
        <li><a href="https://www.openwall.com/lists/oss-security/2022/01/24/2">MISC</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-UTILLINUX-2387730">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Out-of-bounds Read</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            sqlite3/libsqlite3-0
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, gnupg2/gpg@2.2.20-1ubuntu4 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        sqlite3/libsqlite3-0@3.35.5-1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>sqlite3</code> package.</em></p>
        <p>An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:21.10</code> <code>sqlite3</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-9794">ADVISORY</a></li>
        <li><a href="https://security-tracker.debian.org/tracker/CVE-2020-9794">Debian Security Tracker</a></li>
        <li><a href="https://support.apple.com/HT211168">MISC</a></li>
        <li><a href="https://support.apple.com/HT211170">MISC</a></li>
        <li><a href="https://support.apple.com/HT211171">MISC</a></li>
        <li><a href="https://support.apple.com/HT211175">MISC</a></li>
        <li><a href="https://support.apple.com/HT211178">MISC</a></li>
        <li><a href="https://support.apple.com/HT211179">MISC</a></li>
        <li><a href="https://support.apple.com/HT211181">MISC</a></li>
        <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">MLIST</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-SQLITE3-1739674">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Improper Verification of Cryptographic Signature</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            perl/perl-modules-5.32
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        perl@5.32.1-3ubuntu3
                                         <span class="list-paths__item__arrow">›</span> 
                                        perl/perl-modules-5.32@5.32.1-3ubuntu3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        perl@5.32.1-3ubuntu3
                                         <span class="list-paths__item__arrow">›</span> 
                                        perl/libperl5.32@5.32.1-3ubuntu3
                                         <span class="list-paths__item__arrow">›</span> 
                                        perl/perl-modules-5.32@5.32.1-3ubuntu3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        perl@5.32.1-3ubuntu3
                                         <span class="list-paths__item__arrow">›</span> 
                                        perl/libperl5.32@5.32.1-3ubuntu3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        perl@5.32.1-3ubuntu3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        meta-common-packages@meta
                                         <span class="list-paths__item__arrow">›</span> 
                                        perl/perl-base@5.32.1-3ubuntu3
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>perl</code> package.</em></p>
        <p>CPAN 2.28 allows Signature Verification Bypass.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:21.10</code> <code>perl</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-16156">ADVISORY</a></li>
        <li><a href="https://metacpan.org/pod/distribution/CPAN/scripts/cpan">MISC</a></li>
        <li><a href="https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/">MISC</a></li>
        <li><a href="http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html">MISC</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/">FEDORA</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-PERL-1930909">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">OS Command Injection</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            openssl/libssl1.1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and openssl/libssl1.1@1.1.1l-1ubuntu1.1
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libfido2/libfido2-1@1.6.0-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssh/openssh-client@1:8.4p1-6ubuntu2.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ca-certificates@20210119ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl@1.1.1l-1ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        libssh/libssh-4@0.9.6-1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.118ubuntu5
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.8.1-1ubuntu9
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.3.1-5ubuntu11
                                         <span class="list-paths__item__arrow">›</span> 
                                        libnsl/libnsl2@1.3.0-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libtirpc/libtirpc3@1.3.2-2
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libkrb5-3@1.18.3-6
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ca-certificates@20210119ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>openssl</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>openssl</code> to version 1.1.1l-1ubuntu1.3 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1292">ADVISORY</a></li>
        <li><a href="https://www.openssl.org/news/secadv/20220503.txt">CONFIRM</a></li>
        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2">CONFIRM</a></li>
        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23">CONFIRM</a></li>
        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb">CONFIRM</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html">MLIST</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5139">DEBIAN</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220602-0009/">CONFIRM</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/">FEDORA</a></li>
        <li><a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011">CONFIRM</a></li>
        <li><a href="https://www.oracle.com/security-alerts/cpujul2022.html">N/A</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220729-0004/">CONFIRM</a></li>
        <li><a href="https://security.gentoo.org/glsa/202210-02">GENTOO</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-OPENSSL-2807647">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">OS Command Injection</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            openssl/libssl1.1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and openssl/libssl1.1@1.1.1l-1ubuntu1.1
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libfido2/libfido2-1@1.6.0-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssh/openssh-client@1:8.4p1-6ubuntu2.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ca-certificates@20210119ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl@1.1.1l-1ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        libssh/libssh-4@0.9.6-1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.118ubuntu5
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.8.1-1ubuntu9
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.3.1-5ubuntu11
                                         <span class="list-paths__item__arrow">›</span> 
                                        libnsl/libnsl2@1.3.0-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libtirpc/libtirpc3@1.3.2-2
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libkrb5-3@1.18.3-6
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ca-certificates@20210119ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>openssl</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>openssl</code> to version 1.1.1l-1ubuntu1.5 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-2068">ADVISORY</a></li>
        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7">CONFIRM</a></li>
        <li><a href="https://www.openssl.org/news/secadv/20220621.txt">CONFIRM</a></li>
        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9">CONFIRM</a></li>
        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5169">DEBIAN</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/">FEDORA</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220707-0008/">CONFIRM</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/">FEDORA</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-OPENSSL-2933132">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Inadequate Encryption Strength</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            openssl/libssl1.1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and openssl/libssl1.1@1.1.1l-1ubuntu1.1
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libfido2/libfido2-1@1.6.0-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssh/openssh-client@1:8.4p1-6ubuntu2.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ca-certificates@20210119ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl@1.1.1l-1ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        libssh/libssh-4@0.9.6-1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.118ubuntu5
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.8.1-1ubuntu9
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.3.1-5ubuntu11
                                         <span class="list-paths__item__arrow">›</span> 
                                        libnsl/libnsl2@1.3.0-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libtirpc/libtirpc3@1.3.2-2
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libkrb5-3@1.18.3-6
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl/libssl1.1@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ca-certificates@20210119ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssl@1.1.1l-1ubuntu1.1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>openssl</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn&#39;t written. In the special case of &#34;in place&#34; encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>openssl</code> to version 1.1.1l-1ubuntu1.6 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-2097">ADVISORY</a></li>
        <li><a href="https://www.openssl.org/news/secadv/20220705.txt">CONFIRM</a></li>
        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93">CONFIRM</a></li>
        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431">CONFIRM</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/">FEDORA</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220715-0011/">CONFIRM</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/">FEDORA</a></li>
        <li><a href="https://security.gentoo.org/glsa/202210-02">GENTOO</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-OPENSSL-2941384">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">SQL Injection</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            openldap/libldap-2.5-0
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, gnupg2/dirmngr@2.2.20-1ubuntu4 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/dirmngr@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        openldap/libldap-2.5-0@2.5.6+dfsg-1~exp1ubuntu1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        openldap/libldap-2.5-0@2.5.6+dfsg-1~exp1ubuntu1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openldap/libldap-common@2.5.6+dfsg-1~exp1ubuntu1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>openldap</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>openldap</code> to version 2.5.6+dfsg-1~exp1ubuntu1.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-29155">ADVISORY</a></li>
        <li><a href="https://bugs.openldap.org/show_bug.cgi?id=9815">MISC</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5140">DEBIAN</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/05/msg00032.html">MLIST</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220609-0007/">CONFIRM</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-OPENLDAP-2810700">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">NULL Pointer Dereference</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            krb5/libk5crypto3
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and krb5/libk5crypto3@1.18.3-6
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libk5crypto3@1.18.3-6
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.118ubuntu5
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.8.1-1ubuntu9
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.3.1-5ubuntu11
                                         <span class="list-paths__item__arrow">›</span> 
                                        libnsl/libnsl2@1.3.0-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libtirpc/libtirpc3@1.3.2-2
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libk5crypto3@1.18.3-6
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.118ubuntu5
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.8.1-1ubuntu9
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.3.1-5ubuntu11
                                         <span class="list-paths__item__arrow">›</span> 
                                        libnsl/libnsl2@1.3.0-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libtirpc/libtirpc3@1.3.2-2
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libkrb5-3@1.18.3-6
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libk5crypto3@1.18.3-6
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libkrb5-3@1.18.3-6
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.118ubuntu5
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.8.1-1ubuntu9
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.3.1-5ubuntu11
                                         <span class="list-paths__item__arrow">›</span> 
                                        libnsl/libnsl2@1.3.0-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libtirpc/libtirpc3@1.3.2-2
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libkrb5-3@1.18.3-6
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssh/openssh-client@1:8.4p1-6ubuntu2.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        libssh/libssh-4@0.9.6-1
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.118ubuntu5
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.8.1-1ubuntu9
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.3.1-5ubuntu11
                                         <span class="list-paths__item__arrow">›</span> 
                                        libnsl/libnsl2@1.3.0-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libtirpc/libtirpc3@1.3.2-2
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        meta-common-packages@meta
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libkrb5support0@1.18.3-6
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>krb5</code> package.</em></p>
        <p>The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:21.10</code> <code>krb5</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-37750">ADVISORY</a></li>
        <li><a href="https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49">CONFIRM</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20210923-0002/">CONFIRM</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/">FEDORA</a></li>
        <li><a href="https://github.com/krb5/krb5/releases">MISC</a></li>
        <li><a href="https://web.mit.edu/kerberos/advisories/">MISC</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html">MLIST</a></li>
        <li><a href="https://www.oracle.com/security-alerts/cpujul2022.html">N/A</a></li>
        <li><a href="https://www.starwindsoftware.com/security/sw-20220817-0004/">MISC</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-KRB5-1735754">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Improper Input Validation</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            gzip
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and gzip@1.10-4ubuntu1
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gzip@1.10-4ubuntu1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>gzip</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>An arbitrary file write vulnerability was found in GNU gzip&#39;s zgrep utility. When zgrep is applied on the attacker&#39;s chosen file name (for example, a crafted file name), this can overwrite an attacker&#39;s content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>gzip</code> to version 1.10-4ubuntu1.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1271">ADVISORY</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2073310">MISC</a></li>
        <li><a href="https://access.redhat.com/security/cve/CVE-2022-1271">MISC</a></li>
        <li><a href="https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html">MISC</a></li>
        <li><a href="https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch">MISC</a></li>
        <li><a href="https://www.openwall.com/lists/oss-security/2022/04/07/8">MISC</a></li>
        <li><a href="https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6">MISC</a></li>
        <li><a href="https://security-tracker.debian.org/tracker/CVE-2022-1271">MISC</a></li>
        <li><a href="https://security.gentoo.org/glsa/202209-01">GENTOO</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220930-0006/">CONFIRM</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-GZIP-2442556">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Arbitrary Code Injection</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            gnupg2/gpgv
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and gnupg2/gpgv@2.2.20-1ubuntu4
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpgv@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        apt@2.3.9
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpgv@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpgv@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/dirmngr@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpgconf@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpgconf@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg-agent@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpgconf@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpgsm@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpgconf@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/dirmngr@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/dirmngr@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg-wks-client@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/dirmngr@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg-l10n@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg-l10n@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg-utils@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg-utils@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg-wks-client@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg-wks-server@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg-agent@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg-agent@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg-wks-client@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg-agent@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg-wks-server@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg-agent@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg-wks-client@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg-wks-client@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg-wks-server@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg-wks-server@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpgsm@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpgsm@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg@2.2.20-1ubuntu4
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>gnupg2</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim&#39;s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>gnupg2</code> to version 2.2.20-1ubuntu4.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-34903">ADVISORY</a></li>
        <li><a href="https://dev.gnupg.org/T6027">MISC</a></li>
        <li><a href="https://bugs.debian.org/1014157">MISC</a></li>
        <li><a href="https://www.openwall.com/lists/oss-security/2022/06/30/1">MISC</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2022/07/02/1">MLIST</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5174">DEBIAN</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/">FEDORA</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220826-0005/">CONFIRM</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-GNUPG2-2940678">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Off-by-one Error</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            glibc/libc-bin
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and glibc/libc-bin@2.34-0ubuntu3
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        glibc/libc-bin@2.34-0ubuntu3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        meta-common-packages@meta
                                         <span class="list-paths__item__arrow">›</span> 
                                        glibc/libc6@2.34-0ubuntu3
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>glibc</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>glibc</code> to version 2.34-0ubuntu3.2 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3999">ADVISORY</a></li>
        <li><a href="https://www.openwall.com/lists/oss-security/2022/01/24/4">MISC</a></li>
        <li><a href="https://access.redhat.com/security/cve/CVE-2021-3999">MISC</a></li>
        <li><a href="https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e">MISC</a></li>
        <li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=28769">MISC</a></li>
        <li><a href="https://security-tracker.debian.org/tracker/CVE-2021-3999">MISC</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2024637">MISC</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html">MLIST</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20221104-0001/">CONFIRM</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-GLIBC-2359263">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Out-of-bounds Read</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            glibc/libc-bin
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and glibc/libc-bin@2.34-0ubuntu3
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        glibc/libc-bin@2.34-0ubuntu3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        meta-common-packages@meta
                                         <span class="list-paths__item__arrow">›</span> 
                                        glibc/libc6@2.34-0ubuntu3
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>glibc</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>glibc</code> to version 2.34-0ubuntu3.2 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3998">ADVISORY</a></li>
        <li><a href="https://www.openwall.com/lists/oss-security/2022/01/24/4">MISC</a></li>
        <li><a href="https://access.redhat.com/security/cve/CVE-2021-3998">MISC</a></li>
        <li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=28770">MISC</a></li>
        <li><a href="https://security-tracker.debian.org/tracker/CVE-2021-3998">MISC</a></li>
        <li><a href="https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ee8d5e33adb284601c00c94687bc907e10aec9bb">MISC</a></li>
        <li><a href="https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=84d2d0fe20bdf94feed82b21b4d7d136db471f03">MISC</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2024633">MISC</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20221020-0003/">CONFIRM</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-GLIBC-2359274">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Uncontrolled Search Path Element</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            git/git-man
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git/git-man@1:2.32.0-1ubuntu1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git-lfs@2.13.2-1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>git</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder <code>C:\.git</code>, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set <code>GIT_PS1_SHOWDIRTYSTATE</code> are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in <code>C:\.git\config</code>. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder <code>.git</code> on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend <code>GIT_CEILING_DIRECTORIES</code> to cover the <em>parent</em> directory of the user profile, e.g. <code>C:\Users</code> if the user profile is located in <code>C:\Users\my-user-name</code>.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>git</code> to version 1:2.32.0-1ubuntu1.2 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-24765">ADVISORY</a></li>
        <li><a href="https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2">CONFIRM</a></li>
        <li><a href="https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash">MISC</a></li>
        <li><a href="https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode">MISC</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2022/04/12/7">MLIST</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/">FEDORA</a></li>
        <li><a href="https://support.apple.com/kb/HT213261">CONFIRM</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/May/31">FULLDISC</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/">FEDORA</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-GIT-2635677">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Uncontrolled Search Path Element</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            git/git-man
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git/git-man@1:2.32.0-1ubuntu1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git-lfs@2.13.2-1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>git</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>git</code> to version 1:2.32.0-1ubuntu1.3 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-29187">ADVISORY</a></li>
        <li><a href="https://github.blog/2022-04-12-git-security-vulnerability-announced">MISC</a></li>
        <li><a href="https://lore.kernel.org/git/xmqqv8s2fefi.fsf@gitster.g/T/#u">MISC</a></li>
        <li><a href="https://github.com/git/git/security/advisories/GHSA-j342-m5hw-rr3v">CONFIRM</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2022/07/14/1">MLIST</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/">FEDORA</a></li>
        <li><a href="https://support.apple.com/kb/HT213496">CONFIRM</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/Nov/1">FULLDISC</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-GIT-2949719">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Integer Overflow or Wraparound</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            expat/libexpat1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        expat/libexpat1@2.4.1-2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>expat</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>expat</code> to version 2.4.1-2ubuntu0.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-46143">ADVISORY</a></li>
        <li><a href="https://github.com/libexpat/libexpat/issues/532">MISC</a></li>
        <li><a href="https://github.com/libexpat/libexpat/pull/538">MISC</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2022/01/17/3">MLIST</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220121-0006/">CONFIRM</a></li>
        <li><a href="https://www.tenable.com/security/tns-2022-05">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5073">DEBIAN</a></li>
        <li><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf">CONFIRM</a></li>
        <li><a href="https://security.gentoo.org/glsa/202209-24">GENTOO</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-EXPAT-2331329">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Integer Overflow or Wraparound</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            expat/libexpat1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        expat/libexpat1@2.4.1-2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>expat</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>expat</code> to version 2.4.1-2ubuntu0.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-22827">ADVISORY</a></li>
        <li><a href="https://github.com/libexpat/libexpat/pull/539">MISC</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2022/01/17/3">MLIST</a></li>
        <li><a href="https://www.tenable.com/security/tns-2022-05">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5073">DEBIAN</a></li>
        <li><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf">CONFIRM</a></li>
        <li><a href="https://security.gentoo.org/glsa/202209-24">GENTOO</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-EXPAT-2337155">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Integer Overflow or Wraparound</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            expat/libexpat1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        expat/libexpat1@2.4.1-2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>expat</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>expat</code> to version 2.4.1-2ubuntu0.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-22826">ADVISORY</a></li>
        <li><a href="https://github.com/libexpat/libexpat/pull/539">MISC</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2022/01/17/3">MLIST</a></li>
        <li><a href="https://www.tenable.com/security/tns-2022-05">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5073">DEBIAN</a></li>
        <li><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf">CONFIRM</a></li>
        <li><a href="https://security.gentoo.org/glsa/202209-24">GENTOO</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-EXPAT-2337339">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Integer Overflow or Wraparound</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            expat/libexpat1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        expat/libexpat1@2.4.1-2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>expat</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>expat</code> to version 2.4.1-2ubuntu0.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-22825">ADVISORY</a></li>
        <li><a href="https://github.com/libexpat/libexpat/pull/539">MISC</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2022/01/17/3">MLIST</a></li>
        <li><a href="https://www.tenable.com/security/tns-2022-05">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5073">DEBIAN</a></li>
        <li><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf">CONFIRM</a></li>
        <li><a href="https://security.gentoo.org/glsa/202209-24">GENTOO</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-EXPAT-2337625">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Integer Overflow or Wraparound</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            expat/libexpat1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        expat/libexpat1@2.4.1-2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>expat</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>expat</code> to version 2.4.1-2ubuntu0.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-22824">ADVISORY</a></li>
        <li><a href="https://github.com/libexpat/libexpat/pull/539">MISC</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2022/01/17/3">MLIST</a></li>
        <li><a href="https://www.tenable.com/security/tns-2022-05">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5073">DEBIAN</a></li>
        <li><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf">CONFIRM</a></li>
        <li><a href="https://security.gentoo.org/glsa/202209-24">GENTOO</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-EXPAT-2337691">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Integer Overflow or Wraparound</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            expat/libexpat1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        expat/libexpat1@2.4.1-2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>expat</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>expat</code> to version 2.4.1-2ubuntu0.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-22823">ADVISORY</a></li>
        <li><a href="https://github.com/libexpat/libexpat/pull/539">MISC</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2022/01/17/3">MLIST</a></li>
        <li><a href="https://www.tenable.com/security/tns-2022-05">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5073">DEBIAN</a></li>
        <li><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf">CONFIRM</a></li>
        <li><a href="https://security.gentoo.org/glsa/202209-24">GENTOO</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-EXPAT-2337959">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Integer Overflow or Wraparound</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            expat/libexpat1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        expat/libexpat1@2.4.1-2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>expat</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>expat</code> to version 2.4.1-2ubuntu0.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-22822">ADVISORY</a></li>
        <li><a href="https://github.com/libexpat/libexpat/pull/539">MISC</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2022/01/17/3">MLIST</a></li>
        <li><a href="https://www.tenable.com/security/tns-2022-05">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5073">DEBIAN</a></li>
        <li><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf">CONFIRM</a></li>
        <li><a href="https://security.gentoo.org/glsa/202209-24">GENTOO</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-EXPAT-2337963">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Integer Overflow or Wraparound</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            expat/libexpat1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        expat/libexpat1@2.4.1-2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>expat</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>expat</code> to version 2.4.1-2ubuntu0.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-23852">ADVISORY</a></li>
        <li><a href="https://github.com/libexpat/libexpat/pull/550">MISC</a></li>
        <li><a href="https://www.tenable.com/security/tns-2022-05">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5073">DEBIAN</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220217-0001/">CONFIRM</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html">MLIST</a></li>
        <li><a href="https://www.oracle.com/security-alerts/cpuapr2022.html">MISC</a></li>
        <li><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf">CONFIRM</a></li>
        <li><a href="https://security.gentoo.org/glsa/202209-24">GENTOO</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-EXPAT-2359558">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Integer Overflow or Wraparound</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            expat/libexpat1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        expat/libexpat1@2.4.1-2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>expat</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>expat</code> to version 2.4.1-2ubuntu0.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-23990">ADVISORY</a></li>
        <li><a href="https://github.com/libexpat/libexpat/pull/551">MISC</a></li>
        <li><a href="https://www.tenable.com/security/tns-2022-05">CONFIRM</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7FF2UH7MPXKTADYSJUAHI2Y5UHBSHUH/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34NXVL2RZC2YZRV74ZQ3RNFB7WCEUP7D/">FEDORA</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5073">DEBIAN</a></li>
        <li><a href="https://www.oracle.com/security-alerts/cpuapr2022.html">MISC</a></li>
        <li><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf">CONFIRM</a></li>
        <li><a href="https://security.gentoo.org/glsa/202209-24">GENTOO</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-EXPAT-2387598">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Integer Overflow or Wraparound</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            expat/libexpat1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        expat/libexpat1@2.4.1-2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>expat</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>expat</code> to version 2.4.1-2ubuntu0.3 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-25315">ADVISORY</a></li>
        <li><a href="https://github.com/libexpat/libexpat/pull/559">MISC</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2022/02/19/1">MLIST</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5085">DEBIAN</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/">FEDORA</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220303-0008/">CONFIRM</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html">MLIST</a></li>
        <li><a href="https://www.oracle.com/security-alerts/cpuapr2022.html">MISC</a></li>
        <li><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf">CONFIRM</a></li>
        <li><a href="https://security.gentoo.org/glsa/202209-24">GENTOO</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-EXPAT-2406680">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Integer Overflow or Wraparound</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            expat/libexpat1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        expat/libexpat1@2.4.1-2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>expat</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>expat</code> to version 2.4.1-2ubuntu0.3 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-25314">ADVISORY</a></li>
        <li><a href="https://github.com/libexpat/libexpat/pull/560">MISC</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2022/02/19/1">MLIST</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5085">DEBIAN</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/">FEDORA</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220303-0008/">CONFIRM</a></li>
        <li><a href="https://www.oracle.com/security-alerts/cpuapr2022.html">MISC</a></li>
        <li><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf">CONFIRM</a></li>
        <li><a href="https://security.gentoo.org/glsa/202209-24">GENTOO</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-EXPAT-2406883">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Resource Exhaustion</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            expat/libexpat1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        expat/libexpat1@2.4.1-2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>expat</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>expat</code> to version 2.4.1-2ubuntu0.3 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-25313">ADVISORY</a></li>
        <li><a href="https://github.com/libexpat/libexpat/pull/558">MISC</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2022/02/19/1">MLIST</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5085">DEBIAN</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/">FEDORA</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220303-0008/">CONFIRM</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html">MLIST</a></li>
        <li><a href="https://www.oracle.com/security-alerts/cpuapr2022.html">MISC</a></li>
        <li><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf">CONFIRM</a></li>
        <li><a href="https://security.gentoo.org/glsa/202209-24">GENTOO</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-EXPAT-2406938">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Out-of-bounds Read</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            e2fsprogs/libcom-err2
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and e2fsprogs/libcom-err2@1.46.3-1ubuntu3
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs/libcom-err2@1.46.3-1ubuntu3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs@1.46.3-1ubuntu3
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs/libcom-err2@1.46.3-1ubuntu3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs@1.46.3-1ubuntu3
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs/libss2@1.46.3-1ubuntu3
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs/libcom-err2@1.46.3-1ubuntu3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.118ubuntu5
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.8.1-1ubuntu9
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.3.1-5ubuntu11
                                         <span class="list-paths__item__arrow">›</span> 
                                        libnsl/libnsl2@1.3.0-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libtirpc/libtirpc3@1.3.2-2
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs/libcom-err2@1.46.3-1ubuntu3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.118ubuntu5
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.8.1-1ubuntu9
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.3.1-5ubuntu11
                                         <span class="list-paths__item__arrow">›</span> 
                                        libnsl/libnsl2@1.3.0-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libtirpc/libtirpc3@1.3.2-2
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libkrb5-3@1.18.3-6
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs/libcom-err2@1.46.3-1ubuntu3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs/libext2fs2@1.46.3-1ubuntu3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs@1.46.3-1ubuntu3
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs/libext2fs2@1.46.3-1ubuntu3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs/libss2@1.46.3-1ubuntu3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs@1.46.3-1ubuntu3
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs/libss2@1.46.3-1ubuntu3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs/logsave@1.46.3-1ubuntu3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs@1.46.3-1ubuntu3
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs/logsave@1.46.3-1ubuntu3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        e2fsprogs@1.46.3-1ubuntu3
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>e2fsprogs</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>e2fsprogs</code> to version 1.46.3-1ubuntu3.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1304">ADVISORY</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2069726">MISC</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-E2FSPROGS-2770726">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Directory Traversal</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            dpkg
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, meta-common-packages@meta and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        meta-common-packages@meta
                                         <span class="list-paths__item__arrow">›</span> 
                                        dpkg@1.20.9ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>dpkg</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>dpkg</code> to version 1.20.9ubuntu2.2 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1664">ADVISORY</a></li>
        <li><a href="https://lists.debian.org/debian-security-announce/2022/msg00115.html">MISC</a></li>
        <li><a href="https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be">MISC</a></li>
        <li><a href="https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b">MISC</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html">MISC</a></li>
        <li><a href="https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5">MISC</a></li>
        <li><a href="https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495">MISC</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20221007-0002/">CONFIRM</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-DPKG-2847998">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Improper Authentication</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            curl/libcurl3-gnutls
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>curl</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>curl</code> to version 7.74.0-1.3ubuntu2.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-22576">ADVISORY</a></li>
        <li><a href="https://hackerone.com/reports/1526328">MISC</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220609-0008/">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5197">DEBIAN</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html">MLIST</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-CURL-2804946">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Insufficiently Protected Credentials</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            curl/libcurl3-gnutls
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>curl</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>curl</code> to version 7.74.0-1.3ubuntu2.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-27774">ADVISORY</a></li>
        <li><a href="https://hackerone.com/reports/1543773">MISC</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220609-0008/">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5197">DEBIAN</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-CURL-2804964">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Improper Certificate Validation</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            curl/libcurl3-gnutls
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>curl</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>curl</code> to version 7.74.0-1.3ubuntu2.2 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-27782">ADVISORY</a></li>
        <li><a href="https://hackerone.com/reports/1555796">MISC</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220609-0009/">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5197">DEBIAN</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html">MLIST</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-CURL-2814206">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Out-of-bounds Write</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            curl/libcurl3-gnutls
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>curl</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>When curl &lt; 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>curl</code> to version 7.74.0-1.3ubuntu2.3 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-32208">ADVISORY</a></li>
        <li><a href="https://hackerone.com/reports/1590071">MISC</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/">FEDORA</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5197">DEBIAN</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html">MLIST</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220915-0003/">CONFIRM</a></li>
        <li><a href="https://support.apple.com/kb/HT213488">CONFIRM</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/41">FULLDISC</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-CURL-2936019">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Incorrect Default Permissions</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            curl/libcurl3-gnutls
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>curl</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>When curl &lt; 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally <em>widen</em> the permissions for the target file, leaving the updated file accessible to more users than intended.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>curl</code> to version 7.74.0-1.3ubuntu2.3 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-32207">ADVISORY</a></li>
        <li><a href="https://hackerone.com/reports/1573634">MISC</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/">FEDORA</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5197">DEBIAN</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220915-0003/">CONFIRM</a></li>
        <li><a href="https://support.apple.com/kb/HT213488">CONFIRM</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/41">FULLDISC</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-CURL-2936025">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            curl/libcurl3-gnutls
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>curl</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>curl &lt; 7.84.0 supports &#34;chained&#34; HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable &#34;links&#34; in this &#34;decompression chain&#34; was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a &#34;malloc bomb&#34;, makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>curl</code> to version 7.74.0-1.3ubuntu2.3 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-32206">ADVISORY</a></li>
        <li><a href="https://hackerone.com/reports/1570651">MISC</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/">FEDORA</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5197">DEBIAN</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html">MLIST</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220915-0003/">CONFIRM</a></li>
        <li><a href="https://support.apple.com/kb/HT213488">CONFIRM</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/41">FULLDISC</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-CURL-2936031">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
            <div class="card__section">
        
                <div class="label label--medium">
                    <span class="label__text">medium severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            curl/libcurl3-gnutls
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>curl</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>A malicious server can serve excessive amounts of <code>Set-Cookie:</code> headers in a HTTP response to curl and curl &lt; 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven&#39;t expired. Due to cookie matching rules, a server on <code>foo.example.com</code> can set cookies that also would match for <code>bar.example.com</code>, making it it possible for a &#34;sister server&#34; to effectively cause a denial of service for a sibling site on the same second level domain using this method.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>curl</code> to version 7.74.0-1.3ubuntu2.3 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-32205">ADVISORY</a></li>
        <li><a href="https://hackerone.com/reports/1569946">MISC</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/">FEDORA</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5197">DEBIAN</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220915-0003/">CONFIRM</a></li>
        <li><a href="https://support.apple.com/kb/HT213488">CONFIRM</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/41">FULLDISC</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-CURL-2936081">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">NULL Pointer Dereference</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            tar
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, meta-common-packages@meta and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        meta-common-packages@meta
                                         <span class="list-paths__item__arrow">›</span> 
                                        tar@1.34+dfsg-1build1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>tar</code> package.</em></p>
        <p>pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:21.10</code> <code>tar</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="https://security-tracker.debian.org/tracker/CVE-2019-9923">Debian Security Tracker</a></li>
        <li><a href="http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120">MISC</a></li>
        <li><a href="http://savannah.gnu.org/bugs/?55369">MISC</a></li>
        <li><a href="https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241">MISC</a></li>
        <li><a href="https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E">MLIST</a></li>
        <li><a href="https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E">MLIST</a></li>
        <li><a href="http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html">OpenSuse Security Announcement</a></li>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9923">Ubuntu CVE Tracker</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-TAR-1744334">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">CVE-2021-36690</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            sqlite3/libsqlite3-0
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, gnupg2/gpg@2.2.20-1ubuntu4 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        sqlite3/libsqlite3-0@3.35.5-1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>sqlite3</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>sqlite3</code> to version 3.35.5-1ubuntu0.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-36690">ADVISORY</a></li>
        <li><a href="https://www.sqlite.org/forum/forumpost/718c0a8d17">MISC</a></li>
        <li><a href="https://www.oracle.com/security-alerts/cpujan2022.html">N/A</a></li>
        <li><a href="https://support.apple.com/kb/HT213488">CONFIRM</a></li>
        <li><a href="https://support.apple.com/kb/HT213446">CONFIRM</a></li>
        <li><a href="https://support.apple.com/kb/HT213486">CONFIRM</a></li>
        <li><a href="https://support.apple.com/kb/HT213487">CONFIRM</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/41">FULLDISC</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/28">FULLDISC</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/39">FULLDISC</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/47">FULLDISC</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/49">FULLDISC</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-SQLITE3-1735840">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">CVE-2020-9991</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            sqlite3/libsqlite3-0
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, gnupg2/gpg@2.2.20-1ubuntu4 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        sqlite3/libsqlite3-0@3.35.5-1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>sqlite3</code> package.</em></p>
        <p>This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:21.10</code> <code>sqlite3</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-9991">ADVISORY</a></li>
        <li><a href="https://support.apple.com/kb/HT211846">CONFIRM</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2020/Dec/32">FULLDISC</a></li>
        <li><a href="https://support.apple.com/en-us/HT211843">MISC</a></li>
        <li><a href="https://support.apple.com/en-us/HT211844">MISC</a></li>
        <li><a href="https://support.apple.com/en-us/HT211847">MISC</a></li>
        <li><a href="https://support.apple.com/en-us/HT211850">MISC</a></li>
        <li><a href="https://support.apple.com/en-us/HT211931">MISC</a></li>
        <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">MLIST</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-SQLITE3-1739594">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Information Exposure</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            sqlite3/libsqlite3-0
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, gnupg2/gpg@2.2.20-1ubuntu4 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        sqlite3/libsqlite3-0@3.35.5-1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>sqlite3</code> package.</em></p>
        <p>An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:21.10</code> <code>sqlite3</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-9849">ADVISORY</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2020/Dec/32">FULLDISC</a></li>
        <li><a href="https://support.apple.com/en-us/HT211843">MISC</a></li>
        <li><a href="https://support.apple.com/en-us/HT211844">MISC</a></li>
        <li><a href="https://support.apple.com/en-us/HT211850">MISC</a></li>
        <li><a href="https://support.apple.com/en-us/HT211931">MISC</a></li>
        <li><a href="https://support.apple.com/en-us/HT211935">MISC</a></li>
        <li><a href="https://support.apple.com/en-us/HT211952">MISC</a></li>
        <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">MLIST</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-SQLITE3-1739669">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Time-of-check Time-of-use (TOCTOU)</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            shadow/passwd
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and shadow/passwd@1:4.8.1-1ubuntu9
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.8.1-1ubuntu9
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.118ubuntu5
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.8.1-1ubuntu9
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssh/openssh-client@1:8.4p1-6ubuntu2.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.8.1-1ubuntu9
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/login@1:4.8.1-1ubuntu9
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/mount@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/login@1:4.8.1-1ubuntu9
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>shadow</code> package.</em></p>
        <p>shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:21.10</code> <code>shadow</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-4235">ADVISORY</a></li>
        <li><a href="https://security-tracker.debian.org/tracker/CVE-2013-4235">Debian Security Tracker</a></li>
        <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">MLIST</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235">RedHat Bugzilla Bug</a></li>
        <li><a href="https://access.redhat.com/security/cve/cve-2013-4235">RedHat CVE Database</a></li>
        <li><a href="https://security.gentoo.org/glsa/202210-26">GENTOO</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-SHADOW-1758374">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Out-of-bounds Read</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            pcre3/libpcre3
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and pcre3/libpcre3@2:8.39-13build3
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pcre3/libpcre3@2:8.39-13build3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        grep@3.7-0ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pcre3/libpcre3@2:8.39-13build3
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>pcre3</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>pcre3</code> to version 2:8.39-13ubuntu0.21.10.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-20838">ADVISORY</a></li>
        <li><a href="https://security-tracker.debian.org/tracker/CVE-2019-20838">ADVISORY</a></li>
        <li><a href="https://support.apple.com/kb/HT211931">CONFIRM</a></li>
        <li><a href="https://support.apple.com/kb/HT212147">CONFIRM</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2020/Dec/32">FULLDISC</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2021/Feb/14">FULLDISC</a></li>
        <li><a href="https://bugs.gentoo.org/717920">MISC</a></li>
        <li><a href="https://www.pcre.org/original/changelog.txt">MISC</a></li>
        <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">MLIST</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-PCRE3-1747092">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Uncontrolled Recursion</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            pcre3/libpcre3
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and pcre3/libpcre3@2:8.39-13build3
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pcre3/libpcre3@2:8.39-13build3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        grep@3.7-0ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pcre3/libpcre3@2:8.39-13build3
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>pcre3</code> package.</em></p>
        <p>In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:21.10</code> <code>pcre3</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11164">ADVISORY</a></li>
        <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164">CVE Details</a></li>
        <li><a href="https://security-tracker.debian.org/tracker/CVE-2017-11164">Debian Security Tracker</a></li>
        <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">MLIST</a></li>
        <li><a href="http://openwall.com/lists/oss-security/2017/07/11/3">OSS security Advisory</a></li>
        <li><a href="http://www.securityfocus.com/bid/99575">Security Focus</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-PCRE3-1755307">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Out-of-bounds Read</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            pcre2/libpcre2-8-0
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, meta-common-packages@meta and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        meta-common-packages@meta
                                         <span class="list-paths__item__arrow">›</span> 
                                        pcre2/libpcre2-8-0@10.37-0ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>pcre2</code> package.</em></p>
        <p>An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:21.10</code> <code>pcre2</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1587">ADVISORY</a></li>
        <li><a href="https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0">MISC</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/">FEDORA</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2077983,">MISC</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/">FEDORA</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20221028-0009/">CONFIRM</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-PCRE2-2810791">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Out-of-bounds Read</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            pcre2/libpcre2-8-0
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, meta-common-packages@meta and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        meta-common-packages@meta
                                         <span class="list-paths__item__arrow">›</span> 
                                        pcre2/libpcre2-8-0@10.37-0ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>pcre2</code> package.</em></p>
        <p>An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:21.10</code> <code>pcre2</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1586">ADVISORY</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/">FEDORA</a></li>
        <li><a href="https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a,">MISC</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2077976,">MISC</a></li>
        <li><a href="https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c">MISC</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/">FEDORA</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20221028-0009/">CONFIRM</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-PCRE2-2810803">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Double Free</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            patch
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and patch@2.7.6-7
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        patch@2.7.6-7
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>patch</code> package.</em></p>
        <p>A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:21.10</code> <code>patch</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952">ADVISORY</a></li>
        <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952">CVE Details</a></li>
        <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6952">Debian Security Tracker</a></li>
        <li><a href="https://security.gentoo.org/glsa/201904-17">Gentoo Security Advisory</a></li>
        <li><a href="https://savannah.gnu.org/bugs/index.php?53133">MISC</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2019:2033">REDHAT</a></li>
        <li><a href="http://www.securityfocus.com/bid/103047">Security Focus</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-PATCH-1749112">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            patch
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and patch@2.7.6-7
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        patch@2.7.6-7
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>patch</code> package.</em></p>
        <p>An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:21.10</code> <code>patch</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-45261">ADVISORY</a></li>
        <li><a href="https://savannah.gnu.org/bugs/?61685">MISC</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-PATCH-2325782">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">CVE-2021-41617</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            openssh/openssh-client
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and openssh/openssh-client@1:8.4p1-6ubuntu2.1
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssh/openssh-client@1:8.4p1-6ubuntu2.1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>openssh</code> package.</em></p>
        <p>sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:21.10</code> <code>openssh</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-41617">ADVISORY</a></li>
        <li><a href="https://bugzilla.suse.com/show_bug.cgi?id=1190975">CONFIRM</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20211014-0004/">CONFIRM</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/">FEDORA</a></li>
        <li><a href="https://www.openssh.com/security.html">MISC</a></li>
        <li><a href="https://www.openssh.com/txt/release-8.8">MISC</a></li>
        <li><a href="https://www.openwall.com/lists/oss-security/2021/09/26/1">MISC</a></li>
        <li><a href="https://www.oracle.com/security-alerts/cpuapr2022.html">MISC</a></li>
        <li><a href="https://www.oracle.com/security-alerts/cpujul2022.html">N/A</a></li>
        <li><a href="https://www.starwindsoftware.com/security/sw-20220805-0001/">MISC</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-OPENSSH-1735364">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Information Exposure</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            openssh/openssh-client
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and openssh/openssh-client@1:8.4p1-6ubuntu2.1
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssh/openssh-client@1:8.4p1-6ubuntu2.1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>openssh</code> package.</em></p>
        <p>The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:21.10</code> <code>openssh</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-14145">ADVISORY</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20200709-0004/">CONFIRM</a></li>
        <li><a href="https://security.gentoo.org/glsa/202105-35">GENTOO</a></li>
        <li><a href="https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d">MISC</a></li>
        <li><a href="https://docs.ssh-mitm.at/CVE-2020-14145.html">MISC</a></li>
        <li><a href="https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1">MISC</a></li>
        <li><a href="https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py">MISC</a></li>
        <li><a href="https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/">MISC</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2020/12/02/1">MLIST</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-OPENSSH-1743606">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Out-of-bounds Read</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            ncurses/libtinfo6
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and ncurses/libtinfo6@6.2+20201114-2build1
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ncurses/libtinfo6@6.2+20201114-2build1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        bash@5.1-3ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        ncurses/libtinfo6@6.2+20201114-2build1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ncurses/libncursesw6@6.2+20201114-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ncurses/libtinfo6@6.2+20201114-2build1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        less@551-2
                                         <span class="list-paths__item__arrow">›</span> 
                                        ncurses/libtinfo6@6.2+20201114-2build1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libedit/libedit2@3.1-20191231-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ncurses/libtinfo6@6.2+20201114-2build1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ncurses/libncurses6@6.2+20201114-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ncurses/libtinfo6@6.2+20201114-2build1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ncurses/ncurses-bin@6.2+20201114-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ncurses/libtinfo6@6.2+20201114-2build1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        procps@2:3.3.17-5ubuntu3
                                         <span class="list-paths__item__arrow">›</span> 
                                        ncurses/libtinfo6@6.2+20201114-2build1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/mount@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux@2.36.1-8ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        ncurses/libtinfo6@6.2+20201114-2build1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpgconf@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        readline/libreadline8@8.1-2
                                         <span class="list-paths__item__arrow">›</span> 
                                        ncurses/libtinfo6@6.2+20201114-2build1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg-agent@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        pinentry/pinentry-curses@1.1.1-1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ncurses/libtinfo6@6.2+20201114-2build1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ncurses/libncursesw6@6.2+20201114-2build1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        procps@2:3.3.17-5ubuntu3
                                         <span class="list-paths__item__arrow">›</span> 
                                        ncurses/libncursesw6@6.2+20201114-2build1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gnupg@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg-agent@2.2.20-1ubuntu4
                                         <span class="list-paths__item__arrow">›</span> 
                                        pinentry/pinentry-curses@1.1.1-1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ncurses/libncursesw6@6.2+20201114-2build1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ncurses/libncurses6@6.2+20201114-2build1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        procps@2:3.3.17-5ubuntu3
                                         <span class="list-paths__item__arrow">›</span> 
                                        ncurses/libncurses6@6.2+20201114-2build1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ncurses/ncurses-base@6.2+20201114-2build1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        ncurses/ncurses-bin@6.2+20201114-2build1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>ncurses</code> package.</em></p>
        <p>ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:21.10</code> <code>ncurses</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-29458">ADVISORY</a></li>
        <li><a href="https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html">MISC</a></li>
        <li><a href="https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html">MISC</a></li>
        <li><a href="https://support.apple.com/kb/HT213488">CONFIRM</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html">MLIST</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/41">FULLDISC</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-NCURSES-2770347">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Out-of-bounds Read</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            libsepol/libsepol1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and libsepol/libsepol1@3.1-1ubuntu2
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libsepol/libsepol1@3.1-1ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.118ubuntu5
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.8.1-1ubuntu9
                                         <span class="list-paths__item__arrow">›</span> 
                                        libsemanage/libsemanage1@3.1-1ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        libsepol/libsepol1@3.1-1ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>libsepol</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>libsepol</code> to version 3.1-1ubuntu2.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-36087">ADVISORY</a></li>
        <li><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675">MISC</a></li>
        <li><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml">MISC</a></li>
        <li><a href="https://github.com/SELinuxProject/selinux/commit/bad0a746e9f4cf260dedba5828d9645d50176aac">MISC</a></li>
        <li><a href="https://lore.kernel.org/selinux/CAEN2sdqJKHvDzPnxS-J8grU8fSf32DDtx=kyh84OsCq_Vm+yaQ@mail.gmail.com/T/">MISC</a></li>
        <li><a href="https://github.com/SELinuxProject/selinux/commit/340f0eb7f3673e8aacaf0a96cbfcd4d12a405521">MISC</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">FEDORA</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-LIBSEPOL-1735893">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Use After Free</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            libsepol/libsepol1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and libsepol/libsepol1@3.1-1ubuntu2
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libsepol/libsepol1@3.1-1ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.118ubuntu5
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.8.1-1ubuntu9
                                         <span class="list-paths__item__arrow">›</span> 
                                        libsemanage/libsemanage1@3.1-1ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        libsepol/libsepol1@3.1-1ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>libsepol</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>libsepol</code> to version 3.1-1ubuntu2.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-36085">ADVISORY</a></li>
        <li><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124">MISC</a></li>
        <li><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml">MISC</a></li>
        <li><a href="https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba">MISC</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">FEDORA</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-LIBSEPOL-1735898">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Use After Free</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            libsepol/libsepol1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and libsepol/libsepol1@3.1-1ubuntu2
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libsepol/libsepol1@3.1-1ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.118ubuntu5
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.8.1-1ubuntu9
                                         <span class="list-paths__item__arrow">›</span> 
                                        libsemanage/libsemanage1@3.1-1ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        libsepol/libsepol1@3.1-1ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>libsepol</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>libsepol</code> to version 3.1-1ubuntu2.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-36086">ADVISORY</a></li>
        <li><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177">MISC</a></li>
        <li><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml">MISC</a></li>
        <li><a href="https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8">MISC</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">FEDORA</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-LIBSEPOL-1735900">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Use After Free</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            libsepol/libsepol1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and libsepol/libsepol1@3.1-1ubuntu2
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libsepol/libsepol1@3.1-1ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.118ubuntu5
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.8.1-1ubuntu9
                                         <span class="list-paths__item__arrow">›</span> 
                                        libsemanage/libsemanage1@3.1-1ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        libsepol/libsepol1@3.1-1ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>libsepol</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>libsepol</code> to version 3.1-1ubuntu2.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-36084">ADVISORY</a></li>
        <li><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065">MISC</a></li>
        <li><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml">MISC</a></li>
        <li><a href="https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3">MISC</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">FEDORA</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-LIBSEPOL-1735902">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Integer Overflow or Wraparound</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            krb5/libk5crypto3
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and krb5/libk5crypto3@1.18.3-6
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libk5crypto3@1.18.3-6
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.118ubuntu5
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.8.1-1ubuntu9
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.3.1-5ubuntu11
                                         <span class="list-paths__item__arrow">›</span> 
                                        libnsl/libnsl2@1.3.0-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libtirpc/libtirpc3@1.3.2-2
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libk5crypto3@1.18.3-6
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.118ubuntu5
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.8.1-1ubuntu9
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.3.1-5ubuntu11
                                         <span class="list-paths__item__arrow">›</span> 
                                        libnsl/libnsl2@1.3.0-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libtirpc/libtirpc3@1.3.2-2
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libkrb5-3@1.18.3-6
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libk5crypto3@1.18.3-6
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libkrb5-3@1.18.3-6
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.118ubuntu5
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.8.1-1ubuntu9
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.3.1-5ubuntu11
                                         <span class="list-paths__item__arrow">›</span> 
                                        libnsl/libnsl2@1.3.0-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libtirpc/libtirpc3@1.3.2-2
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libkrb5-3@1.18.3-6
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssh/openssh-client@1:8.4p1-6ubuntu2.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        libssh/libssh-4@0.9.6-1
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.118ubuntu5
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.8.1-1ubuntu9
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.3.1-5ubuntu11
                                         <span class="list-paths__item__arrow">›</span> 
                                        libnsl/libnsl2@1.3.0-2build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libtirpc/libtirpc3@1.3.2-2
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libgssapi-krb5-2@1.18.3-6
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        meta-common-packages@meta
                                         <span class="list-paths__item__arrow">›</span> 
                                        krb5/libkrb5support0@1.18.3-6
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>krb5</code> package.</em></p>
        <p>An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable &#34;dbentry-&gt;n_key_data&#34; in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a &#34;u4&#34; variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:21.10</code> <code>krb5</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709">CVE Details</a></li>
        <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-5709">Debian Security Tracker</a></li>
        <li><a href="https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow">GitHub Additional Information</a></li>
        <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">MLIST</a></li>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-5709">Ubuntu CVE Tracker</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-KRB5-1749300">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Integer Overflow or Wraparound</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            gmp/libgmp10
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and gmp/libgmp10@2:6.2.1+dfsg-1ubuntu2
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gmp/libgmp10@2:6.2.1+dfsg-1ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        coreutils@8.32-4ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        gmp/libgmp10@2:6.2.1+dfsg-1ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        apt@2.3.9
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnutls28/libgnutls30@3.7.1-5ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gmp/libgmp10@2:6.2.1+dfsg-1ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        apt@2.3.9
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnutls28/libgnutls30@3.7.1-5ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        nettle/libhogweed6@3.7.3-1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gmp/libgmp10@2:6.2.1+dfsg-1ubuntu2
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build3
                                         <span class="list-paths__item__arrow">›</span> 
                                        gmp/libgmp10@2:6.2.1+dfsg-1ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>gmp</code> package.</em></p>
        <p>GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:21.10</code> <code>gmp</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-43618">ADVISORY</a></li>
        <li><a href="https://bugs.debian.org/994405">MISC</a></li>
        <li><a href="https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html">MISC</a></li>
        <li><a href="https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e">MISC</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html">MLIST</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2022/10/13/3">MLIST</a></li>
        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/8">FULLDISC</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-GMP-1921286">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Buffer Overflow</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            glibc/libc-bin
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and glibc/libc-bin@2.34-0ubuntu3
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        glibc/libc-bin@2.34-0ubuntu3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        meta-common-packages@meta
                                         <span class="list-paths__item__arrow">›</span> 
                                        glibc/libc6@2.34-0ubuntu3
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>glibc</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>glibc</code> to version 2.34-0ubuntu3.2 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-23219">ADVISORY</a></li>
        <li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=22542">MISC</a></li>
        <li><a href="https://www.oracle.com/security-alerts/cpujul2022.html">N/A</a></li>
        <li><a href="https://security.gentoo.org/glsa/202208-24">GENTOO</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html">MLIST</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-GLIBC-2356806">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Buffer Overflow</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            glibc/libc-bin
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and glibc/libc-bin@2.34-0ubuntu3
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        glibc/libc-bin@2.34-0ubuntu3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        meta-common-packages@meta
                                         <span class="list-paths__item__arrow">›</span> 
                                        glibc/libc6@2.34-0ubuntu3
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>glibc</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>glibc</code> to version 2.34-0ubuntu3.2 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-23218">ADVISORY</a></li>
        <li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=28768">MISC</a></li>
        <li><a href="https://www.oracle.com/security-alerts/cpujul2022.html">N/A</a></li>
        <li><a href="https://security.gentoo.org/glsa/202208-24">GENTOO</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html">MLIST</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-GLIBC-2356856">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            glibc/libc-bin
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and glibc/libc-bin@2.34-0ubuntu3
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        glibc/libc-bin@2.34-0ubuntu3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        meta-common-packages@meta
                                         <span class="list-paths__item__arrow">›</span> 
                                        glibc/libc6@2.34-0ubuntu3
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>glibc</code> package.</em></p>
        <p>sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm&#39;s runtime is proportional to the square of the length of the password.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:21.10</code> <code>glibc</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-20013">ADVISORY</a></li>
        <li><a href="https://twitter.com/solardiz/status/795601240151457793">MISC</a></li>
        <li><a href="https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/">MISC</a></li>
        <li><a href="https://akkadia.org/drepper/SHA-crypt.txt">MISC</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-GLIBC-2415114">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Improper Input Validation</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            git/git-man
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git/git-man@1:2.32.0-1ubuntu1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git-lfs@2.13.2-1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>git</code> package.</em></p>
        <p>GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:21.10</code> <code>git</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1000021">ADVISORY</a></li>
        <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-1000021">Debian Security Tracker</a></li>
        <li><a href="http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html">http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-GIT-1752633">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Incorrect Calculation</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            expat/libexpat1
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        expat/libexpat1@2.4.1-2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>expat</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>expat</code> to version 2.4.1-2ubuntu0.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-45960">ADVISORY</a></li>
        <li><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1217609">MISC</a></li>
        <li><a href="https://github.com/libexpat/libexpat/issues/531">MISC</a></li>
        <li><a href="https://github.com/libexpat/libexpat/pull/534">MISC</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2022/01/17/3">MLIST</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220121-0004/">CONFIRM</a></li>
        <li><a href="https://www.tenable.com/security/tns-2022-05">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5073">DEBIAN</a></li>
        <li><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf">CONFIRM</a></li>
        <li><a href="https://security.gentoo.org/glsa/202209-24">GENTOO</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-EXPAT-2330058">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">CVE-2022-27775</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            curl/libcurl3-gnutls
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>curl</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>curl</code> to version 7.74.0-1.3ubuntu2.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-27775">ADVISORY</a></li>
        <li><a href="https://hackerone.com/reports/1546268">MISC</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220609-0008/">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5197">DEBIAN</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-CURL-2804952">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Insufficiently Protected Credentials</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            curl/libcurl3-gnutls
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>curl</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>curl</code> to version 7.74.0-1.3ubuntu2.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-27776">ADVISORY</a></li>
        <li><a href="https://hackerone.com/reports/1547048">MISC</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220609-0008/">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5197">DEBIAN</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html">MLIST</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/">FEDORA</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-CURL-2804958">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Loop with Unreachable Exit Condition (&#x27;Infinite Loop&#x27;)</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            curl/libcurl3-gnutls
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1, git@1:2.32.0-1ubuntu1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.32.0-1ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3-gnutls@7.74.0-1.3ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>curl</code> package.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:21.10</code> relevant versions.</em></p>
        <p>libcurl provides the <code>CURLOPT_CERTINFO</code> option to allow applications torequest details to be returned about a server&#39;s certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:21.10</code> <code>curl</code> to version 7.74.0-1.3ubuntu2.2 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-27781">ADVISORY</a></li>
        <li><a href="https://hackerone.com/reports/1555441">MISC</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220609-0009/">CONFIRM</a></li>
        <li><a href="https://www.debian.org/security/2022/dsa-5197">DEBIAN</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html">MLIST</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-CURL-2814224">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Improper Input Validation</h2>
            <div class="card__section">
        
                <div class="label label--low">
                    <span class="label__text">low severity</span>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Package Manager: ubuntu:21.10
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            coreutils
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1 and coreutils@8.32-4ubuntu2
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd-applicationset@v0.4.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        coreutils@8.32-4ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>coreutils</code> package.</em></p>
        <p>chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal&#39;s input buffer.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:21.10</code> <code>coreutils</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781">ADVISORY</a></li>
        <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2781">Debian Security Tracker</a></li>
        <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">MLIST</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2016/02/28/2">OSS security Advisory</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2016/02/28/3">OSS security Advisory</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2110-COREUTILS-1756916">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
      </div><!-- cards -->
    </div>
  </main><!-- .layout-stacked__content -->
</body>

</html>
